Automatic mapping based on SID and RID
by MRPopey from LinuxQuestions.org on (#5AQR2)
I need to upgrade RHEL 6 to RHEL 7, so I am trying to understand how the mapping happens.
Code:
[global]
workgroup = EXAMPLE
realm = EXAMPLE.BIZ
interfaces = samba.EXAMPLE.biz
password server = dc1.EXAMPLE.biz, dc3.EXAMPLE.biz
security = ADS
passwd program = /usr/bin/smbpasswd
max log size = 1000
local master = No
read only = No
create mask = 0700
directory mask = 0700
short preserve case = No
dos filetime resolution = Yes
nt acl support = yes
encrypt passwords = yes
idmap uid = 10000-50000
idmap gid = 10000-50000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind enum groups = yes
winbind enum users = yes
winbind use default domain = yes
usershare allow guests = yes
add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 100 -s /bin/false -M %u
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 10000-199999
idmap config TRUSTED:backend = rid
idmap config TRUSTED:range = 210000-299999
acl check permissions = yes
map acl inherit = yes
inherit acls=no
inherit owner=no
inherit permissions=no
min protocol = NT1
max protocol = SMB2

Now let's take some user:
Code:
# id samba2test
uid=25850(samba2test) gid=17422(domain users)
wbinfo -n samba2test
S-1-5-21-443245116-2925183723-4037825526-19027 SID_USER (1)

How does it work? Some webpages say it should be RID (19027) + low range of idmap uid (10000), but it doesn't match: uid=25850 != 29027.
What am I missing?
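
An added example (not part of the original post, and not Samba's own code): it applies the formula documented for the idmap_rid backend, ID = RID - BASE_RID + LOW_RANGE_ID, to the idmap lines and the SID posted above, so the expected and observed IDs can be compared before and after an upgrade. The function names and the embedded config excerpt are constructed for illustration.

```python
import re

# Constructed sample: the idmap lines from the smb.conf posted above.
SMB_CONF = """\
idmap uid = 10000-50000
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 10000-199999
idmap config TRUSTED:backend = rid
idmap config TRUSTED:range = 210000-299999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+([^:\s]+)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Collect 'idmap config NAME:option = value' lines per domain."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            name, opt, val = m.groups()
            domains.setdefault(name.upper(), {})[opt.lower()] = val
    return domains

def rid_of(sid):
    """The RID is the last sub-authority of the SID string."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 4:
        raise ValueError("not a SID: %r" % sid)
    return int(parts[-1])

def rid_to_id(rid, low, high, base_rid=0):
    """ID = RID - BASE_RID + LOW_RANGE_ID; None when the result leaves the range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def id_to_rid(unix_id, low, base_rid=0):
    """Inverse: RID = ID + BASE_RID - LOW_RANGE_ID."""
    return unix_id + base_rid - low

def check(conf, sid, observed_id):
    """For every rid-backed domain, compare the formula's ID with the observed one."""
    report = {}
    for name, opts in parse_idmap(conf).items():
        if opts.get("backend", "").lower() != "rid" or "range" not in opts:
            continue
        low, high = (int(x) for x in opts["range"].split("-"))
        base = int(opts.get("base_rid", 0))
        expected = rid_to_id(rid_of(sid), low, high, base)
        report[name] = {"expected": expected, "matches": expected == observed_id,
                        "rid_implied_by_observed": id_to_rid(observed_id, low, base)}
    return report
```

Called as `check(SMB_CONF, "S-1-5-21-443245116-2925183723-4037825526-19027", 25850)`, the formula gives 29027 for DOMAIN and 229027 for TRUSTED, and neither equals the observed 25850. Running the same comparison over a list of accounts on both the old and the new host shows whether file ownership would shift after the upgrade.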